856

submitted 3 months ago by Interstellar_1@lemmy.blahaj.zone to c/196@lemmy.blahaj.zone

93 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] ramble81@lemm.ee 35 points 3 months ago

So I guess I must be a leet haxor because of all the businesses I configured for the 172.x space because 192.168.x space was too small and 10.x space was way the hell too big.

[-] adamth0@lemmy.world 7 points 3 months ago

For bigger networks, I always went with 10.0.0.0/8 for endpoints, 172.16.0.0/12 for servers and other back-end services, leaving 192.168.0.0/16 for smaller networks like OOB IPMI (eg HP iLO, Dell iDrac) services, cluster heartbeat connections, and certain DMZ segments.

[-] ramble81@lemm.ee 3 points 3 months ago* (last edited 3 months ago)

That’s doable too. A lot of people don’t realize you can route all of those together. It’s even more fun as technically you can route private addresses across public links if you own both ends of the link. Used to see that done at a large ISP to route their internal network and it’d pop new networking admins minds.

ETA: I would use 192.x IPs for unrouted subnets like heartbeats or iSCSI.

[-] Natanael@slrpnk.net 1 points 3 months ago* (last edited 3 months ago)

Common to see big businesses with multiple locations using P2P VPN binding together all sites like one big LAN. Perhaps not ideal from a security standpoint to have the client network so flat, but eh 🤷

Usually a handful of extra important servers are behind an extra layer of firewall rules and/or on a different VLAN with limits on what devices can connect to them.